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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

• Extensions of time may be available under the provisions of 37 CFR 1 .136(a). in no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

• Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I) S Responsive to communication(s) filed on 03 February 2003 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-36 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) H3 Claim(s) 1-36 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)13 The drawing(s) filed on 11/03/11 is/are: a)H accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
Priority under 35 U.S.C. §§119 and 120 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)D All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

13) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application) 

since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 
37 CFR 1.78. 

a) □ The translation of the foreign language provisional application has been received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific 

reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1 .78. 
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1) ^ Notice of References Cited (PTO-892) 

2) d Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) ^ Information Disclosure Statement(s) (PTO-1449) Paper No(s) g_3 . 



4) □ Interview Summary (PTO-413) Paper No(s). 

5) O Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: 
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DETAILED ACTION 



1. Claims 1-36 are pending in the application. 



2. Claims 1-36 have been rejected. 



Claim Rejections - 35 USC §102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

3. Claims 1-7, 13, 14, 16-27, 29-32 and 34-36 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Shambroom U.S. Patent No. 5,923,756. 

As to claims 1 and 13, Shambroom discloses generating by a ticket service a ticket 
having an identifier and a session key [column 10 line 42 to column 11 line 41]. Shambroom 
discloses obtaining the ticket from the ticket service [column 10 line 42 to column 11 line 41]. 
Shambroom discloses transmitting the ticket to a client over a secure communication channel 
[column 10, lines 25-38]. Shambroom discloses transmitting the identifier of the ticket by the 
client to an application server over an application communication channel [column 11, lines 16- 
41]. Shambroom discloses obtaining by the application server a copy of the session key of the 
ticket from the ticket service [column 12 line 59 to column 13 line 8]. Shambroom discloses 
encrypting communications exchanged between the client and the application server over the 
application communication channel using the session key to establish the application 
communication channel as a secure communication channel [column 12 line 59 to column 13 
line 8]. 
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As to claim 2, Shambroom discloses that obtaining the ticket from the ticket service 
further comprises transmitting the ticket to a web server [column 10, lines 16-37]. 

As to claim 3, Shambroom discloses that transmitting the ticket to a client further 
comprises transmitting the ticket by the web server [column 10, lines 42-67]. 

As to claim 4, Shambroom discloses that the ticket service resides on the web server 
[column 10, lines 42-67]. 

As to claim 5, Shambroom discloses transmitting by the application server the identifier 
to the web server over a server communication channel [column 7, lines 26-52]. 

As to claim 6, Shambroom discloses receiving by the application server in response to 
transmitting the identifier to the web server [column 7, lines 26-52]. 

As to claim 7, Shambroom discloses validating by the web server the identifier 
transmitted by the application server [column 7, lines 26-52]. 

As to claim 14, Shambroom suggests requesting a software application over the secure 
web communication channel [column 5, lines 10-55]. 

As to claim 16, Shambroom disclose secure socket layer technology to establish the 
secure web communication channel [column 7, lines 26-52]. 

As to claim 17, Shambroom discloses that the ticket is generated by a ticket service, as 
discussed above. 

As to claim 18, Shambroom discloses that the identifier is an application server certificate 
[column 7, lines 26-52]. 

As to claim 19, Shambroom discloses using secure socket layer technology to establish 
the application communication channel. 
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As to claim 20, Shambroom discloses transmitting a password to the application server. 

As to claim 21, Shambroom discloses receiving the ticket and a remote display protocol 
application over the web communication channel [column 10,lines 26-37]. 

As to claim 22, Shambroom discloses a ticket service generating a ticket having an 
identifier and a session key, as discussed above. Shambroom discloses a communications device 
in communication with the ticket service to obtain the ticket from the ticket service, as discussed 
above. Shambroom discloses a client in communication with the communications device over a 
secure communication channel to receive the ticket from the communications device over the 
secure communication channel [column 10,lines 26-37]. Shambroom discloses an application 
server in communication with the client over an application communication channel to receive 
the identifier of the ticket from the client and in communication with the ticket service to obtain 
a copy of the session key from the ticket service, the application server and the client exchanging 
communications over the application communication channel encrypted using the session key to 
establish the application communication channel as a secure communication channel [column 7, 
lines 26-52]. 

As to claim 23, Shambroom discloses that the ticket service resides on the 
communications device [column 10, lines 42-67]. 

As to claim 24, Shambroom discloses that the application server transmits the identifier 
to the communications device over a server communication channel [column 7, lines 26-52]. 

As to claim 25, Shambroom discloses that the application server requesting a copy of the 
session key in response to the identifier [column 1 1, lines 8-42]. 
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As to claim 26, Shambroom discloses that the communications device validates the 
identifier transmitted by the application server [column 7, lines 26-52]. 

As to claim 27, Shambroom suggests that the communications device confirms that the 
application server has not previously transmitted the identifier [column 7, lines 26-52]. 

As to claim 29, Shambroom discloses that the communications device transmits the 
session key to the application server over the server communication channel in response to the 
identifier, as discussed above. 

As to claim 30, Shambroom discloses that the server communication channel is a secure 
communication channel, as discussed above. 

As to claim 31, Shambroom discloses that the communications device transmits 
additional information to the application server over the server communication channel [column 
10, lines 61-67]. 

As to claim 32, Shambroom discloses that the additional ticket information further 
comprises login information of a user of the client [column 10, lines 42-67]. 

As to claim 34, Shambroom discloses that the communications device further comprises 
a web server, as discussed above. 

As to claim 35, Shambroom discloses that the client transmits a password of a user 
operating the client to the application server [column 10, lines 42-67]. 

As to claim 36, Shambroom discloses that the ticket service transmits information 
corresponding to at least one of the client and a user operating the client to the application server 
[column 10, lines 42-67]. 
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4. Claim 12 is rejected under 35 U.S.C. 102(b) as being anticipated by Sirbu et al U.S. 
Patent No. 5,809,144. 

As to claim 12, Sirbu et al discloses establishing a secure web communication channel 
between a web browser executing on the client and a web server [column 7 lines 64 to column 8 
line 44]. Sirbu et al discloses receiving a ticket having an identifier and a session key from the 
web server over the secure web communication channel [column 12, lines 46-67]. Sirbu et al 
discloses transmitting the identifier of the ticket to the application server over an application 
communication channel to provide the application server with information for obtaining a copy 
of the session key [column 13, lines 15-67], 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 8 and 28 are rejected under 35 U.S.C 103(a) as being unpatentable over 
Shambroom U.S. Patent No. 5,923,756 as applied to claim 1 above, and further in view of 
Johnson et al U.S. Patent No. 5,560,008. 

As to claims 8 and 28, Shambroom does not teach confirming by the web server that the 
identifier is received by the web server within a certain time frame relative to a time that the 
identifier is transmitted by the web server to the client. 
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Johnson et al teaches confirming by a server that an identifier is received by the web 
server within a certain time frame relative to a time that the identifier is transmitted by a web 
server to a client [column 10 line 62 to column 1 1 line 29]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Shambroom so that the web server confirmed that 
the that the identifier was received by the web server within a certain time frame relative to a 
time that the identifier was transmitted by the web server to the client. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Shambroom by the teaching of Johnson et al because the 
server is not required to store the user information longer than needed or desired by the server. 
This provides for the cases in which the authentication for a user is good for a specified length 
of time, such as a certain number of minutes or hours or days. After this predetermined period 
of time, the server discards the credentials structure, and will no longer honor a request 
containing that credentials identifier. This forces the user machine to perform a new request for 
service, thereby inherently enforcing a periodic authentication of remote users in order to ensure 
that there has not been a masquerading of users [column 6, lines 38-49], 

6. Claims 9-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over Shambroom 
U.S. Patent No. 5,923,756 as applied to claim 1 above, and further in view of Davis U.S. 
Patent No. 5,818,939. 

As to claims 9 and 10, Shambroom does not teach that the session key is substantially 
equivalent to a null value. Shambroom does not teach that the null value is a constant value. 
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Davis teaches session keys that are equivalent to a null value. Davis teaches that the null 
value is a constant value [column 4 line 57 to column 5 line 12]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Shambroom so that the session keys had a null 
value and the null value was constant. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Shambroom by the teaching of Davis because the 
examiner asserts by assigning this value to the session key this enables the client and server to 
know if the session key is still valid for communication. 

As to claim 11, Shambroom teaches establishing the application communication channel 
is a secure communication channel, as discussed above. 

7. Claim 15 is rejected under 35 U.S.C 103(a) as being unpatentable over Shambroom U.S. 
Patent No. 5,923,756 as applied to claim 13 above, and further in view of Gifford U.S. 
Patent No. 6,049,785. 

As claim 1 5, Shambroom does not teach that the identifier is a nonce. 
Gifford teaches an identifier that is a nonce. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Shambroom so that the identifier was a nonce. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Shambroom by the teaching of Gifford because the 
examiner asserts that a nonce is used to prevent replay attacks. 
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8. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shambroom U.S. 
Patent No. 5,923,756 as applied to claim 22 above, and further in view of McDonough et al 
U.S. Patent No. 5,991878. 

As to claim 33, Shambroom does not teach that the additional ticket information further 
comprises a name of a software application executing on the application server. 

McDonough et al teaches that a ticket contains that name of a software application 
executing on a server [column 3 line 58 to column 4 line 5]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Shambroom so that the ticket contained the name 
of the software application executing on the application server. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Shambroom by the teaching of McDonough et al because 
it helps prevent unintended dissemination of the old data that resided in the memory buffer just 
after allocation, but also helps prevent the new data in the memory buffer from being provided 
to a user that lacks authorization for access to the new data [column 2, lines 17-21]. 



# 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 



examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-746-7239. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-1373. 



Aravind K Moorthy 
November 20, 2003 



' AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




